M$ Outlook certificate import

October 15, 2007

After reading this lines:

The nscrit flag sets the critical flag of netscape-certificate-type. It is strongly recommended that this option is not used because any implementation that does not interpret this non standard extension will reject the certificate as invalid. For example Outlook 98 does this. If you don’t mind or want this behaviour then feel free to use the option…

i create this post in order to make a mental note:

When you need to create a cert for signing used by any microsoft email software remove the critical flag from the nsCertType (and anything that has to do with Netscape specific things).  I believe that there are some issues between Outlook and Outlook express when used the critical flag on keyUsage (Outlook express checks the keyUsage, Outlook checks the extendedKeyUsage) , but I don’t feel like checking right now 😉


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: